Lucene search
120816 matches found

ATTACKERKB
added 2026/01/30 10:07 p.m., 3 views

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVSS 9.8 | AI score 6.5 | EPSS 0.02255
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/30 10:07 p.m., 3 views

CVE-2020-37024 Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow

Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execu...

CVSS 8.4 | AI score 6.2 | EPSS 0.00157
Exploits: 0 | References: 3

Cvelist
added 2026/01/30 10:07 p.m., 20 views

CVE-2020-37024 Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow

Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execu...

CVSS 8.4 | EPSS 0.00157
Exploits: 0 | References: 3

Cvelist
added 2026/01/30 10:07 p.m., 24 views

CVE-2019-25232 NetPCLinker 1.0.0.0 - Buffer Overflow

NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client...

CVSS 9.8 | EPSS 0.00439
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/30 9:31 p.m., 2 views

CVE-2026-25153 @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...

CVSS 7.7 | AI score 6 | EPSS 0.00357
Exploits: 0 | References: 1

CVE
added 2026/01/30 9:31 p.m., 19 views

CVE-2026-25153

In CVE-2026-25153, versions of @backstage/plugin-techdocs-node before 1.13.11 and before 1.14.1 are vulnerable when TechDocs runs with runIn: local. A malicious actor who can submit or modify a repository’s mkdocs.yml can cause arbitrary Python code execution on the TechDocs build server via MkDo...

CVSS 8.8 | AI score 6.2 | EPSS 0.00357
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/01/30 9:31 p.m., 6 views

CVE-2026-25153 @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...

CVSS 7.7 | AI score 6.2 | EPSS 0.00357
Exploits: 0 | References: 3

GitHub Security Blog
added 2026/01/30 9:30 p.m., 5 views

Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

CVSS 7.8 | AI score 6.3 | EPSS 0.00179
Exploits: 0 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2026/01/30 9:28 p.m., 9 views

PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

Summary: PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When t...

CVSS 7.3 | AI score 6.4 | EPSS 0.0028
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/01/30 8:12 p.m., 30 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as thei...

CVSS 6.7 | EPSS 0.0028
Exploits: 1 | References: 3

OSV
added 2026/01/30 8:12 p.m., 6 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as thei...

CVSS 6.7 | AI score 6.5 | EPSS 0.0028
Exploits: 1 | References: 5

Snyk
added 2026/01/30 7:54 p.m., 4 views

Arbitrary Code Injection

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

CVSS 7.8 | AI score 6.5 | EPSS 0.00179
Exploits: 0 | References: 2

Cvelist
added 2026/01/30 9:57 a.m., 32 views

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

CVSS 10 | EPSS 0.00504
Exploits: 1 | References: 1

EUVD
added 2026/01/30 9:57 a.m., 2 views

EUVD-2026-5040

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

CVSS 10 | AI score 6.2 | EPSS 0.00504
Exploits: 1 | References: 1

CVE
added 2026/01/30 9:57 a.m., 14 views

CVE-2026-1699

CVE-2026-1699 concerns the Eclipse Theia Website repository. The issue: the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted PR code. This allowed any GitHub user to run arbitrary code in the repository’s CI envi...

CVSS 10 | AI score 6.2 | EPSS 0.00504
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2026/01/30 7:56 a.m., 5 views

Sandbox Escape

vm2 is vulnerable to Sandbox Escape. The vulnerability is due to incomplete sanitization of Promise callbacks, where globalPromise.prototype.then and catch are not sanitized while localPromise is, thus allowing attackers to bypass sandbox restrictions via async function return values and execute...

CVSS 10 | AI score 6.2 | EPSS 0.01222
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2026/01/30 12:00 a.m., 9 views

NVIDIA CUDA toolkit code issue vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...

CVSS 7.3 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 1

CNNVD
added 2026/01/30 12:00 a.m., 4 views

Port Forwarding Wizard security vulnerabilities

Port Forwarding Wizard is a port forwarding tool developed by an invalid account developer. Version 4.8.0 of Port Forwarding Wizard contains a security vulnerability, which stems from a buffer overflow in the Register function. This vulnerability could allow local attackers to execute arbitrary...

CVSS 8.4 | AI score 6.3 | EPSS 0.00157
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/30 12:00 a.m., 5 views

MiracleLinux 9 : openssl-3.5.1-7.el9_7.ML.1 (AXSA:2026-105:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-105:04 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or...

CVSS 8.8 | AI score 6.2 | EPSS 0.45854
Exploits: 7 | References: 13

Tenable Nessus
added 2026/01/30 12:00 a.m., 3 views

Debian dsa-6116 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6116 advisory. Debian Security Advisory DSA-6116-1 [email protected] https://www.debian.org/security/...

CVSS 6.5 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 5